Analyse rapport hitjackthis

Résolu
nono5577 Messages postés 45 Statut Membre -  
moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
C'est ma première demande d'aide sur ce forum,merci d'être indulgent si je ne procéde pas comme il faut.

Après une infection avec "antimalware doctor",j'ai scanné mon PC avec mon antivirus(NIS 2009) et "anti malware bytes".Ils ont apparemment éradiqué les problèmes.
Pour en être sur ,j'aimerais que vous analysiez le rapport hitjackthis suivant:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:39, on 01/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Street-Ads Browser Enhancer aacutskf - {249FFB57-D18D-4AAD-AAB6-8637287F3A8E} - C:\WINDOWS\system32\aacutskf.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [skb] rundll32 "kvzfzlyj.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\nhhcuetp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4948/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9d705ec2397f6) (gupdate1c9d705ec2397f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
End of file - 14248 bytes

Merci d'avance.

24 réponses

  • 1
  • 2
Résumé de la discussion

La discussion porte sur l'analyse d'un rapport HijackThis après une infection avec 'antimalware doctor' et sur l'identification des éléments potentiellement indésirables dans Windows, ainsi que leur remise en état. Des réponses évoquent l'utilisation d'un outil tel que ZHPFix et les choix à faire lors de l'exécution, notamment qui doit lancer l'opération et comment protéger les données. Un deuxième commentaire indique que le rapport initial pourrait être incomplet ou incorrect et recommande de poster le bon rapport ou de refaire la manipulation pour confirmer l'état du système. Dans le suivi, un nouveau rapport montre que l'élément suspect street ads browser aacutskf semble avoir disparu, ce qui illustre l'évolution possible d'une infection et l'efficacité des mesures.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    restent des choses

    1)

    poster ici le rapport de suppression de MalwareByte's Anti-Malware

    .................

    2)

    Télécharge Yoog_Fix sur ton Bureau : Yoog_Fix.exe
    http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe

    Lance Yoog_Fix.exe qui est placé sur ton Bureau.
    Si tu acceptes le disclamer tu cliques sur OK puis choisie l'option 1 Recherche / Suppression
    Attends que le scan soit terminé, une fenêtre va t'en informer --> Cliquez sur OK.
    Un rapport s'affiche, poste le dans ta prochaine réponse.
    tutoriel: http://batchdhelus.open-web.fr/programme/tutoriels/tutoriel_option1.html
    Note : Il se peut que Yoog_Fix soit détecté par ton antivirus comme dangereux. Cette alerte est un faux positif, Désactive tes protections résidentes !!!

    ..............

    3)

    Télécharge ZHPDiag ( de Nicolas coolman ).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    (outil de diagnostic)

    Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

    Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour vista )

    Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

    Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

    Rend toi sur Cjoint : http://www.cijoint.fr/

    Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

    si soucis avec ci joint. fr => utiliser https://www.cjoint.com/

    0
  2. nono5577 Messages postés 45 Statut Membre
     
    Merci de répondre aussi vite.VoiMalwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4146

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    31/05/2010 12:54:23
    mbam-log-2010-05-31 (12-54-23).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 204190
    Temps écoulé: 27 minute(s), 53 seconde(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 14
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    D:\Documents and Settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\gotnewupdate000.exe (Malware.Packer.Gen) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\kvzfzlyj.dll (Adware.EZlife) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxvfflazvgatpg (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    D:\Documents and Settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kvzfzlyj.dll (Adware.EZlife) -> Delete on reboot.
    D:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\3HE3O2TS\gotnewupdate000[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Papa\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Papa\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Papa\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uljzkidrkikgnomgl.dll (Trojan.Agent) -> Delete on reboot.
    ci le rapport "M.ANTIM.BYTES"initial:
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Version de la base de données: 4146

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      31/05/2010 12:54:23
      mbam-log-2010-05-31 (12-54-23).txt

      Type d'examen: Examen rapide
      Elément(s) analysé(s): 204190
      Temps écoulé: 27 minute(s), 53 seconde(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 14
      Valeur(s) du Registre infectée(s): 2
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 8

      Processus mémoire infecté(s):
      D:\Documents and Settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\gotnewupdate000.exe (Malware.Packer.Gen) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\kvzfzlyj.dll (Adware.EZlife) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15bfa5ce-9873-41c0-b305-bb17620b79fb} (Adware.EZlife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uxvfflazvgatpg (Trojan.Agent) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      D:\Documents and Settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\gotnewupdate000.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\kvzfzlyj.dll (Adware.EZlife) -> Delete on reboot.
      D:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\3HE3O2TS\gotnewupdate000[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Papa\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Papa\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
      D:\Documents and Settings\Papa\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\uljzkidrkikgnomgl.dll (Trojan.Agent) -> Delete on reboot.
      0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    vu

    => Yoog_Fix
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Bonsoir,
      Qu'est-ce qui vous fais penser que je suis infecté par yoog search ?
      Cordialement.
      0
  4. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    O2 - BHO: Street-Ads Browser Enhancer aacutskf - {249FFB57-D18D-4AAD-AAB6-8637287F3A8E} - C:\WINDOWS\system32\aacutskf.dll
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Bonjour,
      Merci de me répondre toujours aussi vite.
      J'ai refait un rapport hitjackthis ce matin,il me semble que "street ads browser aacutskf" nest plus présent.
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:55:06, on 02/06/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      C:\apps\ABoard\ABoard.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Apps\Powercinema\PCMService.exe
      C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
      C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
      C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe
      O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [skb] rundll32 "kvzfzlyj.dll",,Run
      O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\nhhcuetp.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Logitech SetPoint.lnk = ?
      O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
      O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.m6video.fr/1click/install/files/installer2.cab
      O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
      O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4948/mcfscan.cab
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
      O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Service Google Update (gupdate1c9d705ec2397f6) (gupdate1c9d705ec2397f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
      O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      0
    2. nono5577 Messages postés 45 Statut Membre
       
      Une autre question :
      Que sont,"04 kvzfzly.dll run"
      04 nhhcuetp.exe
      Merci encore.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    des infections...

    d'où ma demande de ZHP que je renouvelle

    Télécharge ZHPDiag ( de Nicolas coolman ).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    (outil de diagnostic)

    Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

    Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour vista )

    Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

    Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

    Rend toi sur Cjoint : http://www.cijoint.fr/

    Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

    si soucis avec ci joint. fr => utiliser https://www.cjoint.com/

    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Merci,
      http://www.cijoint.fr/cjlink.php?file=cj201006/cijcMVkdqB.txt

      Merci d'avance.
      0
    2. nono5577 Messages postés 45 Statut Membre
       
      Bonjour,
      Le rapport est disponible.
      Merci.
      0
  7. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    1)

    Relance ZHPDiag ( Clic droit " Executer en tant qu'administrateur " sous vista ) , fais un scan puis cette fois-ci cliques sur l'icone en forme d'écusson vert " ZHPFix ".

    ZHPFix se lancera, clique maintenant sur le " H " bleu ( coller les lignes helper ) puis copie/colle ces lignes

    [MD5.020D8D58E06B87E4615A6EC55177E199] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\nhhcuetp.exe [40633]
    O4 - HKLM\..\Run: [MChk] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\nhhcuetp.exe
    O42 - Logiciel: Performance Platform Voguecash - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Sky-Banners browser enhancer - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Street-Ads Browser Enhancer - (.Pas de propriétaire.) [HKLM]
    [HKCU\Software\Sky-Banners]
    [HKCU\Software\Street-Ads]
    [HKLM\Software\Sky-Banners]
    [HKLM\Software\Street-Ads]
    O44 - LFC:[MD5.AECE982E7339D3DC97708D84E50AA234] - 31/05/2010 - 11:18:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\dbuwrhfolodm.exe [50981]
    O44 - LFC:[MD5.020D8D58E06B87E4615A6EC55177E199] - 24/05/2010 - 17:31:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\nhhcuetp.exe [40633]


    Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    Copie/Colle le rapport à l'écran dans ton prochain message

    ( ce rapport est sauvegardé dans ce dossier C:\Program files\ZHPDiag\ZHPFixReport.txt )

    ........................

    2)

    DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

    ? Télécharge List_Kill'em et enregistre le sur ton bureau

    http://sd-1.archive-host.com/...

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    Laisse coché :

    Executer Shortcut
    Executer List_Kill'em


    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis l'option Search

    laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    0
    1. nono5577 Messages postés 45 Statut Membre
       
      LADS - Freeware version 4.10
      (C) Copyright 1998-2007 Frank Heyne Software (http://www.heysoft.de)
      This program lists files with alternate data streams (ADS)
      Use LADS on your own risk!

      Scanning directory C:\WINDOWS\System32\Drivers\

      size ADS in file
      ---------- ---------------------------------

      0 bytes in 0 ADS listed

      Ai-je bien manoeuvré ?
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      pas vraiment

      retentes la manip ZHPFix stp
      0
    3. nono5577 Messages postés 45 Statut Membre
       
      Désolé.
      Pour ZHPfix,mon pc plante au moment de nettoyer,windows me demande "uninstall this wizard" je dis oui et là plantage ,je dois redémarrer.
      Merci.
      0
  8. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    on y reviendra

    fais List_Kill'em stp
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      OK?ce soir ou demain.
      Merci beaucoup.
      0
    2. nono5577 Messages postés 45 Statut Membre
       
      ¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

      User : Papa (Administrateurs)
      Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
      Start at: 19:27:28 | 03/06/2010

      Intel(R) Pentium(R) 4 CPU 3.20GHz
      Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 8.0.6001.18702
      Windows Firewall Status : Disabled
      AV : Norton Internet Security 16.5.0.134 [ (!) Disabled | Updated ]
      FW : Norton Internet Security[ (!) Disabled ]16.5.0.134

      C:\ -> Disque fixe local | 29,99 Go (12,42 Go free) [HDD] | NTFS
      D:\ -> Disque fixe local | 148,5 Go (109,65 Go free) [DATA] | NTFS
      E:\ -> Disque CD-ROM
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible
      I:\ -> Disque amovible

      Boot: Normal
      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      C:\apps\ABoard\ABoard.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Apps\Powercinema\PCMService.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\UsbBoost\TurboHddUsb.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
      C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
      C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\List_Kill'em\List_Kill'em.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\List_Kill'em\pv.exe

      ======================
      Keys "Run"
      ======================

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
      CTSyncU.exe REG_SZ "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe
      AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      RTHDCPL REG_SZ RTHDCPL.EXE
      Alcmtr REG_SZ ALCMTR.EXE
      SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
      Ulead AutoDetector v2 REG_SZ C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
      ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
      ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      NeroCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
      StandardInstall REG_SZ
      BOOT REG_SZ C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
      StartCCC REG_SZ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      CamserviceDP REG_SZ C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
      PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
      IJNetworkScanUtility REG_SZ C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
      Logitech Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
      Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      UsbBoost REG_SZ C:\Program Files\UsbBoost\TurboHddUsb.exe
      CanonSolutionMenu REG_SZ C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      CanonMyPrinter REG_SZ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
      iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
      skb REG_SZ rundll32 "kvzfzlyj.dll",,Run
      MChk REG_SZ C:\WINDOWS\system32\nhhcuetp.exe

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

      =====================
      Other Keys
      =====================

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      dontdisplaylastusername REG_DWORD 0 (0x0)
      legalnoticecaption REG_SZ
      legalnoticetext REG_SZ
      shutdownwithoutlogon REG_DWORD 1 (0x1)
      undockwithoutlogon REG_DWORD 1 (0x1)

      ===============

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      NoDriveTypeAutoRun REG_DWORD 145 (0x91)
      NofolderOptions REG_DWORD 0 (0x0)

      ===============

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      NoCDBurning REG_DWORD 0 (0x0)
      HonorAutoRunSetting REG_DWORD 1 (0x1)

      ===============

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      AppInit_DLLS REG_SZ

      ===============

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      AutoRestartShell REG_DWORD 1 (0x1)
      DefaultDomainName REG_SZ CHAMBRE
      DefaultUserName REG_SZ Papa
      LegalNoticeCaption REG_SZ
      LegalNoticeText REG_SZ
      PowerdownAfterShutdown REG_SZ 0
      ReportBootOk REG_SZ 1
      Shell REG_SZ Explorer.exe
      ShutdownWithoutLogon REG_SZ 0
      System REG_SZ
      Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
      VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
      SfcQuota REG_DWORD -1 (0xffffffff)
      allocatecdroms REG_SZ 0
      allocatedasd REG_SZ 0
      allocatefloppies REG_SZ 0
      cachedlogonscount REG_SZ 10
      forceunlocklogon REG_DWORD 0 (0x0)
      passwordexpirywarning REG_DWORD 14 (0xe)
      scremoveoption REG_SZ 0
      AllowMultipleTSSessions REG_DWORD 1 (0x1)
      UIHost REG_EXPAND_SZ logonui.exe
      LogonType REG_DWORD 1 (0x1)
      Background REG_SZ 0 0 0
      DebugServerCommand REG_SZ no
      SFCDisable REG_DWORD 0 (0x0)
      WinStationsDisabled REG_SZ 0
      HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
      ShowLogonOptions REG_DWORD 0 (0x0)
      AltDefaultUserName REG_SZ Papa
      AltDefaultDomainName REG_SZ CHAMBRE
      ChangePasswordUseKerberos REG_DWORD 1 (0x1)

      ===============

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

      ===============

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

      ===============

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
      C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Disabled:AOL
      C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
      C:\Program Files\AOL 9.0\aol.exe REG_SZ C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL
      C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Disabled:INVENTIME
      C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA
      C:\APPS\skype\phone\Skype.exe REG_SZ C:\APPS\skype\phone\Skype.exe:*:Disabled:Skype
      C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA
      C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
      C:\Program Files\Hasbro Interactive\Clue\Clue.exe REG_SZ C:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Enabled:Clue
      %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
      C:\APPS\Powercinema\PowerCinema.exe REG_SZ C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:PowerCinema
      C:\Program Files\M6Video\M6video.exe REG_SZ C:\Program Files\M6Video\M6video.exe:*:Enabled:OneClick
      C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe REG_SZ C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4
      C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0
      C:\Program Files\Hercules\DualPix Exchange\Station2.exe REG_SZ C:\Program Files\Hercules\DualPix Exchange\Station2.exe:*:Enabled:Hercules Webcam Station Evolution SE
      %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
      C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE REG_SZ C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE:*:Disabled:Canon IJ Network Scan Utility
      C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE REG_SZ C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE:*:Disabled:Canon IJ Network Tool
      C:\WINDOWS\system32\ftp.exe REG_SZ C:\WINDOWS\system32\ftp.exe:*:Enabled:Logiciel de transfert de fichiers
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
      C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
      C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour
      C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
      C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
      C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
      C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
      %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
      C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

      ===============
      ActivX controls
      ===============

      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00B71CFB-6864-4346-A978-C0A14556272C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{09CC593B-E8A9-4491-927D-A3E33534DDD4}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F83CD9E-505E-4F87-BECE-0832A763E36F}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2917297F-F02B-4B9D-81DF-494B6333150B}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A344D34-5231-452A-8A57-D064AC9B7862}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{87AF076E-D86D-4E87-ADDD-F05804E1F150}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F6ACF75C-C32C-447B-9BEF-46B766368D29}]

      ===============
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]

      ==============
      BHO :
      ======

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

      ===
      DNS
      ===

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{CA99CF8F-4E3A-4614-A710-F7552FC648DE}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{CA99CF8F-4E3A-4614-A710-F7552FC648DE}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{CA99CF8F-4E3A-4614-A710-F7552FC648DE}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

      ================
      Internet Explorer :
      ================

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
      Local Page REG_SZ C:\WINDOWS\system32\blank.htm
      Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
      Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ https://www.sfr.fr/
      Local Page REG_SZ C:\WINDOWS\system32\blank.htm
      Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

      ========
      Services
      ========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

      Ndisuio : 0x3 ( OK = 3 )
      EapHost : 0x3 ( OK = 2 )
      SharedAccess : 0x2 ( OK = 2 )
      wuauserv : 0x2 ( OK = 2 )

      ========
      Safemode
      ========

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

      =========
      Atapi.sys
      =========

      Référence :
      ==========

      Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
      Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
      Win XP_32b : a64013e98426e1877cb653685c5c0009
      Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
      Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
      Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
      Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
      Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
      Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
      Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
      Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
      Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

      =======
      Drive :
      =======

      D'fragmenteur de disque Windows
      Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

      Rapport d'analyse
      149 Go total, 110 Go libre (73%), 6% fragment' (fragmentation du fichier 12%)

      Il ne vous est pas n'cessaire de d'fragmenter ce volume.

      ¤¤¤¤¤¤¤¤¤¤ Files/folders :

      Present !! : C:\WINDOWS\002846_.tmp
      Present !! : C:\WINDOWS\meta4.exe
      Present !! : C:\WINDOWS\System32\_psisdecd.dll
      Present !! : C:\WINDOWS\system32\AVSredirect.dll
      Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
      Present !! : C:\WINDOWS\System32\Process.exe
      Present !! : C:\WINDOWS\System32\SrchSTS.exe
      Present !! : C:\WINDOWS\Temp\JET4D50.tmp
      Present !! : C:\WINDOWS\Temp\JET59F2.tmp
      Present !! : C:\WINDOWS\Temp\JET68B7.tmp
      Present !! : D:\Documents and Settings\Papa\Application Data\usb.inf
      Present !! : D:\Documents and Settings\Papa\Local Settings\Temp\dw.log
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\CTPBSEQ.EXE
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsols_launcher.exe
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsonlinescanner.exe
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Update_9b5d.exe
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\_pulmo.exe
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Perflib_Perfdata_101c.dat
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsclm.dll
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\InstHelp.dll
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\uljzkidrkikgnomgl.dll
      Present !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\xmllite.dll
      Present !! : D:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\SuggestedSites.dat

      ¤¤¤¤¤¤¤¤¤¤ Keys :

      Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : NeroCheck
      Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
      Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
      Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
      Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
      Present !! : HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
      Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools
      Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
      Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
      Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86
      Present !! : HKLM\SYSTEM\CurrentControlSet\Services\BHDRVX86
      Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHDRVX86
      Present !! : HKLM\SYSTEM\ControlSet001\Services\BHDRVX86
      Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHDRVX86
      Present !! : HKLM\SYSTEM\ControlSet003\Services\BHDRVX86

      ============

      catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-03 20:27:48
      Windows 5.1.2600 Service Pack 3 FAT NTAPI

      scanning hidden processes ...

      scanning hidden services ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      kernel: MBR read successfully
      user & kernel MBR OK

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      FirstRunDisabled REG_DWORD 1 (0x1)
      AntiVirusDisableNotify REG_DWORD 0 (0x0)
      FirewallDisableNotify REG_DWORD 0 (0x0)
      UpdatesDisableNotify REG_DWORD 0 (0x0)
      AntiVirusOverride REG_DWORD 0 (0x0)
      FirewallOverride REG_DWORD 0 (0x0)

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      End of scan : 20:27:51,23
      0
  9. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    décidement...ce rapport est étrange, du moins pas comme attendu

    faisons ainsi avant de faire plus sévère

    1)

    ? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ? choisis l'option CLEAN
    ton PC va redemarrer,

    laisse travailler l'outil.

    en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    ? colle le contenu dans ta reponse

    .........................

    2)

    retentes la manip zhp fix ensuite comme indiquée précedement

    https://forums.commentcamarche.net/forum/affich-17918145-analyse-rapport-hitjackthis#12
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Voila le rapport kill em txt
      Pour zhp fix ,demain
      Merci.Bonsoir.
      ¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

      User : Papa (Administrateurs)
      Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
      Start at: 22:00:51 | 03/06/2010

      Intel(R) Pentium(R) 4 CPU 3.20GHz
      Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 8.0.6001.18702
      Windows Firewall Status : Disabled
      AV : Norton Internet Security 16.5.0.134 [ Enabled | Updated ]
      FW : Norton Internet Security[ Enabled ]16.5.0.134

      C:\ -> Disque fixe local | 29,99 Go (12,42 Go free) [HDD] | NTFS
      D:\ -> Disque fixe local | 148,5 Go (109,65 Go free) [DATA] | NTFS
      E:\ -> Disque CD-ROM
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible
      I:\ -> Disque amovible


      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\system32\wuauclt.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\cmd.exe
      C:\Program Files\List_Kill'em\ERUNT.EXE
      C:\Program Files\List_Kill'em\pv.exe

      ¤¤¤¤¤¤¤¤¤¤ Files/folders :

      Quarantined & Deleted !! : C:\WINDOWS\002846_.tmp
      Quarantined & Deleted !! : C:\WINDOWS\meta4.exe

      Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll
      Quarantined & Deleted !! : C:\WINDOWS\system32\AVSredirect.dll
      Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
      Quarantined & Deleted !! : C:\WINDOWS\System32\Process.exe
      Quarantined & Deleted !! : C:\WINDOWS\System32\SrchSTS.exe
      Quarantined & Deleted !! : C:\WINDOWS\Temp\JET1354.tmp
      Quarantined & Deleted !! : C:\WINDOWS\Temp\JET4D50.tmp
      Quarantined & Deleted !! : C:\WINDOWS\Temp\JET68B7.tmp
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\Application Data\usb.inf
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\Local Settings\Temp\dw.log
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\CTPBSEQ.EXE
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsols_launcher.exe
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsonlinescanner.exe
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Update_9b5d.exe
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\_pulmo.exe
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\Perflib_Perfdata_101c.dat
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\fsclm.dll
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\InstHelp.dll
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\uljzkidrkikgnomgl.dll
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\LOCAL Settings\Temp\xmllite.dll
      Quarantined & Deleted !! : D:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\SuggestedSites.dat

      =======
      Hosts :
      =======

      127.0.0.1 localhost

      ========
      Registry
      ========

      Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : NeroCheck
      Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
      Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
      Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFolderOptions
      Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools
      Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
      Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
      Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHDRVX86
      Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHDRVX86
      =================
      Internet Explorer
      =================

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
      Local Page REG_SZ C:\WINDOWS\system32\blank.htm
      Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
      Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      Start Page REG_SZ https://www.google.com/?gws_rd=ssl
      Local Page REG_SZ C:\WINDOWS\system32\blank.htm
      Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

      ===============
      Security Center
      ===============

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      FirstRunDisabled REG_DWORD 1 (0x1)
      AntiVirusDisableNotify REG_DWORD 0 (0x0)
      FirewallDisableNotify REG_DWORD 0 (0x0)
      UpdatesDisableNotify REG_DWORD 0 (0x0)
      AntiVirusOverride REG_DWORD 1 (0x1)
      FirewallOverride REG_DWORD 1 (0x1)

      ========
      Services
      =========

      Ndisuio : Start = 3
      EapHost : Start = 2
      Ip6Fw : Start = 2
      SharedAccess : Start = 2
      wuauserv : Start = 2
      wscsvc : Start = 2

      ============
      Disk Cleaned
      anti-ver blaster : OK
      Prefetch cleaned
      ================

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      kernel: MBR read successfully
      user & kernel MBR OK




      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      0
    2. nono5577 Messages postés 45 Statut Membre
       
      Bonjour,

      Aprés le long scan hier soir de kill em (voir le rapport ci dessus),j'ai tenté à nouveau ZHP Diag ce matin.
      mais apres copié/collé des lignes et ok -tous- nettoyer,le PC plante (écran bleu avec inscriptions blanches signalant qu'il y a un problème avec le fichier "catchme",obligé de redémarrer.

      Voilà ou j'en suis.
      Merci.
      0
  10. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Attention, avant de commencer, lit attentivement la procédure, et imprime la

    Aide à l'utilisation
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Télécharge ComboFix de sUBs sur ton Bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\

    ---> Double-clique sur ComboFix.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

    SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
    (si il te propose de l'installer remets provisoirement internet)

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt

    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Bonjour" Moment de grâce",

      je vais faire Combofix aujourd'hui.

      Qu'entends- tu par désactiver antispyware(je n'ai que spybot et cc cleaner, en sont ils ?mais je crois qu'ils n'agissent pas en direct).

      Qu'a donné le scan précédent de kill'em ?a-t-il résolu des problèmes ?

      Suis-je sur la bonne voie ou y-a-t-il des problèmes importants et difficiles à régler.

      Merci de ta patience et de ton aide.

      Bonne journée.
      0
    2. nono5577 Messages postés 45 Statut Membre
       
      Re bonjour,
      Voici le rapport ComboFix:
      ComboFix 10-06-03.01 - Papa 05/06/2010 14:40:27.1.2 - x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.344 [GMT 2:00]
      Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
      AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\Fonts\unins000.exe
      c:\windows\system32\raFSyamf.dll
      d:\documents and settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07
      d:\documents and settings\Papa\Application Data\07C07881B73964FADA66322D3571BB07\enemies-names.txt

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-05 au 2010-06-05 ))))))))))))))))))))))))))))))))))))
      .

      2010-06-03 22:13 . 2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll
      2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
      2010-06-02 17:02 . 2010-06-04 06:48 -------- d-----w- c:\program files\ZHPDiag
      2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- d:\documents and settings\Papa\Application Data\Street-Ads
      2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- d:\documents and settings\Papa\Application Data\Sky-Banners
      2010-05-31 10:18 . 2010-05-31 10:18 50981 ----a-w- c:\windows\system32\dbuwrhfolodm.exe
      2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
      2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\nhhcuetp.exe
      2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
      2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
      2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-05 08:24 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2010-06-05 08:21 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
      2010-06-05 08:21 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
      2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
      2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
      2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
      2010-06-01 11:10 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
      2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
      2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
      2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
      2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
      2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
      2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
      2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
      2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
      2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
      2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
      2010-03-10 06:16 . 2004-08-16 15:41 420352 ----a-w- c:\windows\system32\vbscript.dll
      2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
      2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{527B218C-EFBF-4C90-8F5F-B572A0CE2697}]
      2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
      "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
      "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
      "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
      "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
      "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
      "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
      "CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
      "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
      "UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
      "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
      "MChk"="c:\windows\system32\nhhcuetp.exe" [2010-05-24 40633]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
      NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
      OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
      @="FSFilter Activity Monitor"

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
      path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
      backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
      backup=c:\windows\pss\Club Internet.lnkStartup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
      backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
      2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
      "c:\\Program Files\\AOL 9.0\\aol.exe"=
      "c:\\APPS\\Inventime\\my.exe"=
      "c:\\APPS\\skype\\phone\\Skype.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\APPS\\Powercinema\\PowerCinema.exe"=
      "c:\\Program Files\\AOL 9.0\\waol.exe"=
      "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
      "c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
      "c:\\WINDOWS\\system32\\ftp.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6901:TCP"= 6901:TCP:video msn mesenger
      "1863:TCP"= 1863:TCP:dialogues msn messenger

      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
      R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
      R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
      R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
      R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
      R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
      R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
      R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
      R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
      S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
      S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
      S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
      S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-05 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
      uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
      Trusted Zone: micosoft.com\v4.Windowsupdate
      Trusted Zone: microsoft.com\Windowsupdate
      Trusted Zone: Windowsupdate.com\Download
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
      DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
      DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{75CDAD94-467E-4D15-BB9E-EEBFCF865897} - c:\windows\system32\rafsyamf.dll
      HKLM-Run-StandardInstall - (no file)
      HKLM-Run-skb - rafsyamf.dll
      MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
      MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-05 14:48
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
      "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
      "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
      b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
      "??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
      "Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
      "Increment"=".011494"
      "FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
      "PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
      "PHSH"=""
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1152)
      c:\windows\system32\Ati2evxx.dll
      .
      Heure de fin: 2010-06-05 14:52:38
      ComboFix-quarantined-files.txt 2010-06-05 12:52

      Avant-CF: 13 158 604 800 octets libres
      Après-CF: 13 333 561 344 octets libres

      - - End Of File - - AA481E6B08B34083EDAD5A665C7ABB36
      0
  11. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier :

    c:\windows\system32\rbkcdqjf.dll

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Si tu ne trouves pas le fichier alors

    Affiche tous les fichiers et dossiers :

    Pour cela :
    Clique sur démarrer/panneau de configuration/option des dossiers/affichage

    Cocher afficher les dossiers cachés

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu

    Puis fais «appliquer» pour valider les changements.

    Et OK
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Srpski | ?????????? | ??????? | Suomi | ihMdI | | ????? | | Slovens?ina | Dansk | ??????? | Român? | Türkçe | Nederlands | ???????? | Svenska | Português | Italiano | | | Magyar | Deutsch | ?esky | Polski | Español | English
      Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...

      Fichier rbkcdqjf.dll reçu le 2010.06.05 14:01:08 (UTC)
      Situation actuelle: terminé

      Résultat: 3/41 (7.32%)
      Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat
      a-squared 5.0.0.26 2010.06.05 Trojan.Win32.BHO!IK
      AhnLab-V3 2010.06.05.00 2010.06.04 -
      AntiVir 8.2.2.6 2010.06.04 -
      Antiy-AVL 2.0.3.7 2010.06.04 -
      Authentium 5.2.0.5 2010.06.05 -
      Avast 4.8.1351.0 2010.06.05 -
      Avast5 5.0.332.0 2010.06.05 -
      AVG 9.0.0.787 2010.06.05 -
      BitDefender 7.2 2010.06.05 -
      CAT-QuickHeal 10.00 2010.06.05 -
      ClamAV 0.96.0.3-git 2010.06.05 -
      Comodo 4995 2010.06.05 -
      DrWeb 5.0.2.03300 2010.06.05 -
      eSafe 7.0.17.0 2010.06.03 -
      eTrust-Vet 35.2.7528 2010.06.04 -
      F-Prot 4.6.0.103 2010.06.04 -
      F-Secure 9.0.15370.0 2010.06.05 -
      Fortinet 4.1.133.0 2010.06.05 -
      GData 21 2010.06.05 -
      Ikarus T3.1.1.84.0 2010.06.05 Trojan.Win32.BHO
      Jiangmin 13.0.900 2010.06.05 -
      Kaspersky 7.0.0.125 2010.06.05 -
      McAfee 5.400.0.1158 2010.06.05 -
      McAfee-GW-Edition 2010.1 2010.06.05 Heuristic.BehavesLike.Win32.Trojan.H
      Microsoft 1.5802 2010.06.05 -
      NOD32 5174 2010.06.05 -
      Norman 6.04.12 2010.06.05 -
      nProtect 2010-06-05.01 2010.06.05 -
      Panda 10.0.2.7 2010.06.05 -
      PCTools 7.0.3.5 2010.06.05 -
      Prevx 3.0 2010.06.05 -
      Rising 22.50.05.03 2010.06.05 -
      Sophos 4.53.0 2010.06.05 -
      Sunbelt 6409 2010.06.05 -
      Symantec 20101.1.0.89 2010.06.05 -
      TheHacker 6.5.2.0.292 2010.06.04 -
      TrendMicro 9.120.0.1004 2010.06.05 -
      TrendMicro-HouseCall 9.120.0.1004 2010.06.05 -
      VBA32 3.12.12.5 2010.06.04 -
      ViRobot 2010.6.5.2339 2010.06.05 -
      VirusBuster 5.0.27.0 2010.06.04 -
      Information additionnelle
      File size: 309760 bytes
      MD5 : 881328ecad1933b991b3444fbe9e83e5
      SHA1 : 47581556f37d1395b36fbf7610f557338d48ca0f
      SHA256: be5a54f81697181c7bd2aa982a080a90adccd5e0384a253e76c0a194967d487e
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x28CE6
      timedatestamp.....: 0x4C082911 (Fri Jun 4 00:13:37 2010)
      machinetype.......: 0x14C (Intel I386)

      ( 5 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x35896 0x35A00 6.55 f40e246769e6299cb2d7db103a038f6f
      .rdata 0x37000 0xAD62 0xAE00 4.72 1c2b018c91a34b146a25e407afff0616
      .data 0x42000 0x6468 0x4800 6.26 74f77f5830b8f18aca6e378b9660a2ec
      .rsrc 0x49000 0x990 0xA00 3.37 eebbe9ca4cb1fca432c6c3c3e6c8b193
      .reloc 0x4A000 0x5AFA 0x5C00 4.92 cac33d99ce4f3f2dcb7e13d8075ec6c6

      ( 7 imports )

      > advapi32.dll: RegQueryInfoKeyA, RegQueryValueExA, RegEnumKeyExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegDeleteKeyA
      > gdiplus.dll: GdiplusShutdown
      > kernel32.dll: InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceA, FindResourceExA, lstrlenA, lstrcmpiA, lstrlenW, lstrcpyA, GetModuleHandleA, GetModuleFileNameA, LeaveCriticalSection, InterlockedIncrement, EnterCriticalSection, InterlockedDecrement, lstrcpynA, IsDBCSLeadByte, Sleep, GetTickCount, lstrcatA, HeapFree, GetProcessHeap, FlushInstructionCache, GetCurrentProcess, HeapAlloc, GetCurrentThreadId, CompareStringA, CompareStringW, GetEnvironmentVariableA, CloseHandle, GetLastError, ResumeThread, WaitForSingleObject, CreateThread, SetEnvironmentVariableA, FreeLibrary, GetProcAddress, LoadLibraryA, CreateFileA, CreateDirectoryA, ReleaseMutex, SetEvent, ResetEvent, CreateMutexA, CreateEventA, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpA, FileTimeToSystemTime, FileTimeToLocalFileTime, WriteFile, GetFileTime, GetVolumeInformationA, RaiseException, WideCharToMultiByte, MultiByteToWideChar, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, GetStartupInfoA, InterlockedExchange, GetFileType, GetStdHandle, SetHandleCount, TerminateProcess, SetUnhandledExceptionFilter, GetCurrentProcessId, QueryPerformanceCounter, IsBadWritePtr, VirtualFree, HeapCreate, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, GetCPInfo, GetOEMCP, GetDateFormatA, GetTimeFormatA, IsBadReadPtr, GetCommandLineA, GetSystemTimeAsFileTime, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, RtlUnwind, FlushFileBuffers, SetStdHandle, SetFilePointer, IsBadCodePtr, GetStringTypeW, GetStringTypeA, GetTimeZoneInformation, LCMapStringW, LCMapStringA, UnhandledExceptionFilter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, ExitProcess, HeapSize, HeapReAlloc, LocalAlloc, LocalFree, HeapDestroy
      > msimg32.dll: TransparentBlt, AlphaBlend
      > oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
      > shell32.dll: -, SHGetFileInfoA, SHGetSpecialFolderPathA
      > shlwapi.dll: SHCopyKeyA, StrToIntA, PathFindExtensionA, StrCmpNA

      ( 1 exports )

      > DllCanUnloadNow, DllGetClassObject, DllMain, DllRegisterServer, DllUnregisterServer
      TrID : File type identification
      Windows OCX File (46.2%)
      Win64 Executable Generic (32.0%)
      Win32 Executable MS Visual C++ (generic) (14.1%)
      Win32 Executable Generic (3.1%)
      Win32 Dynamic Link Library (generic) (2.8%)
      Symantec reputation: Suspicious.Insight https://www.broadcom.com/support/security-center
      ssdeep: 6144:1H4cRZQZqCzVa3pSOiosLDY3JwMBmWSGjX:pLRZ+qCx6gDY3JfmW
      sigcheck: publisher....: n/a
      copyright....: All rights reserved.
      product......:
      description..:
      original name: n/a
      internal name: n/a
      file version.: 1.8.5.0
      comments.....: n/a
      signers......: -
      signing date.: -
      verified.....: Unsigned

      PEiD : -
      RDS : NSRL Reference Data Set
      -


      ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

      VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy
      0
  12. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour nono5577, il n'est pas transposable sur un autre ordinateur !

    crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
    Copies y ce texte dedans et enregistres le

    KillAll::

    File::

    c:\windows\system32\dbuwrhfolodm.exe
    c:\windows\system32\nhhcuetp.exe

    Folder::

    d:\documents and settings\Papa\Application Data\Street-Ads
    d:\documents and settings\Papa\Application Data\Sky-Banners


    * Désactive tes logiciels de protection
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
    http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      ComboFix 10-06-03.01 - Papa 06/06/2010 11:13:03.2.2 - x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.404 [GMT 2:00]
      Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
      Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
      AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

      FILE ::
      "c:\windows\system32\dbuwrhfolodm.exe"
      "c:\windows\system32\nhhcuetp.exe"
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\dbuwrhfolodm.exe
      c:\windows\system32\nhhcuetp.exe
      c:\windows\system32\raFSyamf.dll
      d:\documents and settings\Papa\Application Data\Sky-Banners
      d:\documents and settings\Papa\Application Data\Sky-Banners\skb\log.xml
      d:\documents and settings\Papa\Application Data\Street-Ads

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-06 au 2010-06-06 ))))))))))))))))))))))))))))))))))))
      .

      2010-06-03 22:13 . 2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll
      2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
      2010-06-02 17:02 . 2010-06-04 06:48 -------- d-----w- c:\program files\ZHPDiag
      2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
      2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
      2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
      2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-06 09:25 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
      2010-06-06 09:25 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
      2010-06-05 17:58 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-06-05 08:24 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
      2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
      2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
      2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
      2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
      2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
      2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
      2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
      2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
      2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
      2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
      2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
      2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
      2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
      2010-03-10 06:16 . 2004-08-16 15:41 420352 ----a-w- c:\windows\system32\vbscript.dll
      2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
      2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{527B218C-EFBF-4C90-8F5F-B572A0CE2697}]
      2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
      "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
      "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
      "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
      "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
      "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
      "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
      "CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
      "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
      "UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
      "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
      "skb"="rafsyamf.dll" [BU]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
      NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
      OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
      @="FSFilter Activity Monitor"

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
      path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
      backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
      backup=c:\windows\pss\Club Internet.lnkStartup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
      backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
      2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
      "c:\\Program Files\\AOL 9.0\\aol.exe"=
      "c:\\APPS\\Inventime\\my.exe"=
      "c:\\APPS\\skype\\phone\\Skype.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\APPS\\Powercinema\\PowerCinema.exe"=
      "c:\\Program Files\\AOL 9.0\\waol.exe"=
      "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
      "c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
      "c:\\WINDOWS\\system32\\ftp.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6901:TCP"= 6901:TCP:video msn mesenger
      "1863:TCP"= 1863:TCP:dialogues msn messenger

      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
      R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
      R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
      R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
      R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
      R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
      R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
      R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
      R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
      S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
      S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
      S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
      S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-06 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
      uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
      Trusted Zone: micosoft.com\v4.Windowsupdate
      Trusted Zone: microsoft.com\Windowsupdate
      Trusted Zone: Windowsupdate.com\Download
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
      DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
      DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{83861E3D-6FC3-4E6C-94E1-CC81502DD171} - c:\windows\system32\rafsyamf.dll
      HKLM-Run-MChk - c:\windows\system32\nhhcuetp.exe
      AddRemove-Language pack for Ad-Aware SE - c:\progra~1\Lavasoft\AD-AWA~2\Plugins\Langs\UNWISE.EXE



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-06 11:24
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
      "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
      "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
      b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
      "??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
      "Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
      "Increment"=".011494"
      "FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
      "PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
      "PHSH"=""
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1140)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(2544)
      c:\program files\Logitech\SetPoint\lgscroll.dll
      c:\progra~1\WINDOW~2\wmpband.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\Ati2evxx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\windows\system32\CTsvcCDA.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      c:\program files\Canon\IJPLM\IJPLMSVC.EXE
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      c:\apps\Powercinema\Kernel\TV\CLSched.exe
      c:\windows\RTHDCPL.EXE
      c:\apps\ABoard\AOSD.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      c:\windows\system32\rundll32.exe
      c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Heure de fin: 2010-06-06 11:31:52 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-06-06 09:31
      ComboFix2.txt 2010-06-05 12:52

      Avant-CF: 13 344 337 920 octets libres
      Après-CF: 13 307 375 616 octets libres

      - - End Of File - - 7D8B3B2B62B3060D0BE7CB48F448E454
      0
  13. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    comment va le pc ?

    postes le lien d'un nouveau rapport ZHP diag stp
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      http://www.cijoint.fr/cjlink.php?file=cj201006/cijzjzVHBL.txt
      0
  14. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    il serait bien de faire yoog fix à la lecture de ton rapport

    Télécharge Yoog_Fix sur ton Bureau : Yoog_Fix.exe
    http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe

    Lance Yoog_Fix.exe qui est placé sur ton Bureau.
    Si tu acceptes le disclamer tu cliques sur OK puis choisie l'option 1 Recherche / Suppression
    Attends que le scan soit terminé, une fenêtre va t'en informer --> Cliquez sur OK.
    Un rapport s'affiche, poste le dans ta prochaine réponse.
    tutoriel: http://batchdhelus.open-web.fr/programme/tutoriels/tutoriel_option1.html
    Note : Il se peut que Yoog_Fix soit détecté par ton antivirus comme dangereux. Cette alerte est un faux positif, Désactive tes protections résidentes !!!
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Bonsoir,

      Voilà le rapport yoog fix.
      Merci.
      Yoog_Fix 3.0.1 de Batch_Man | Papa (Administrateur)
      Debut a 19:09 le 07/06/2010
      Microsoft Windows XP Édition familiale(5.1.2600)

      Intel(R) Pentium(R) 4 CPU 3.20GHz
      Ram : 1023,5 Mo
      Normal boot

      Antivirus: Norton Internet Security 16.5.0.134 (Activated)
      Pare-Feu: Norton Internet Security 16.5.0.134 (Activated)
      Lancé de "D:\Documents and Settings\Papa\Bureau\Yoog_Fix.bat"

      C:\ [Fixed] - NTFS - (Total:30710 Mo/Free:405 Mo)
      D:\ [Fixed] - NTFS - (Total:152068 Mo/Free:160 Mo)
      E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
      F:\ [Removable] (Total:0 Mo/Free:0 Mo)
      G:\ [Removable] (Total:0 Mo/Free:0 Mo)
      H:\ [Removable] (Total:0 Mo/Free:0 Mo)
      I:\ [Removable] (Total:0 Mo/Free:0 Mo)

      Option [1] 2 3 Recherche / Suppression

      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      »»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]


      ------------[Suspects]

      Aucun fichier suspect trouvé


      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      »»»»»»»»»»» [Recherche: Analyse de Firefox]


      ------------[Analyse de Firefox]


      Firefox non installé


      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      »»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]

      Internet Explorer : 8.0.6001.18702

      L1 = HKLM\..\Main.Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      L1 = HKLM\..\Main.Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      L1 = HKCU\..\Main.Start Page = https://www.sfr.fr/
      L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      L1 = HKU\S-1-5-19\..\Main.Start Page = https://www.broadcom.com/support/security-center
      L1 = HKU\S-1-5-19\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      L1 = HKU\S-1-5-19\..\Main.Search Bar = http://www.bing.com/spresults.aspx
      L1 = HKU\S-1-5-19\..\Main.Window Title = Packard Bell
      L1 = HKU\S-1-5-20\..\Main.Start Page = https://www.broadcom.com/support/security-center
      L1 = HKU\S-1-5-20\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      L1 = HKU\S-1-5-20\..\Main.Search Bar = http://www.bing.com/spresults.aspx
      L1 = HKU\S-1-5-20\..\Main.Window Title = Packard Bell
      L1 = HKU\S-1-5-21-646265780-4222595010-3655448000-1010\..\Main.Start Page = https://www.sfr.fr/
      L1 = HKU\S-1-5-21-646265780-4222595010-3655448000-1010\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
      L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      L1 = HKLM\..\Main.Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      L1 = HKLM\..\Main.Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      L1 = HKLM\..\Search.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
      L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      L1 = HKCU\..\Toolbar.LinksFolderName = Liens
      L1 = HKU\S-1-5-19\..\Toolbar.LinksFolderName = Liens
      L1 = HKU\S-1-5-20\..\Toolbar.LinksFolderName = Liens
      L1 = HKU\S-1-5-21-646265780-4222595010-3655448000-1010\..\Toolbar.LinksFolderName = Liens
      L1 = HKU\S-1-5-19\..\Main.First Home Page= file://C:\APPS\IE\offline\fr.htm
      L1 = HKU\S-1-5-20\..\Main.First Home Page= file://C:\APPS\IE\offline\fr.htm
      L2 = HKCU\..\Internet Settings.ProxyOverride = *.local
      L2 = HKCU\..\Internet Connection Wizard.ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3

      [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
      NavigationFailure = res://ieframe.dll/navcancl.htm
      DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
      NavigationCanceled = res://ieframe.dll/navcancl.htm
      OfflineInformation = res://ieframe.dll/offcancl.htm
      Home = 0x10e
      blank = res://mshtml.dll/blank.htm
      PostNotCached = res://ieframe.dll/repost.htm
      InPrivate = res://ieframe.dll/inprivate.htm
      NoAdd-ons = res://ieframe.dll/noaddon.htm
      NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
      SecurityRisk = res://ieframe.dll/securityatrisk.htm
      Tabs = res://ieframe.dll/tabswelcome.htm

      --------[Browser Helper Object]

      BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3},@SANS NOM=3.0
      BHO: {527B218C-EFBF-4C90-8F5F-B572A0CE2697},@SANS NOM=3.0
      BHO: {527B218C-EFBF-4C90-8F5F-B572A0CE2697},@SANS NOM=Street-Ads Browser Enhancer rbkcdqjf
      BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408},@SANS NOM=3.0
      BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408},@SANS NOM=Symantec NCO BHO
      BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C},@SANS NOM=3.0
      BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C},@SANS NOM=Symantec Intrusion Prevention
      BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=3.0
      BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=Search Helper
      BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=3.0
      BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=3.0
      BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7},@SANS NOM=3.0
      BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D},@SANS NOM=3.0
      BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=3.0
      BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10},@SANS NOM=3.0
      BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=3.0
      BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=JQSIEStartDetectorImpl

      --------[SearchScopes]

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\..\SearchScopes],@DefaultScope={AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}
      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\..\SearchScopes\{AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}],@DisplayName=Google
      [HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE69D59E-F0DF-4671-8EAF-8D7732A4FBAA}],@DisplayName=Google

      --------[Extensions]

      @xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
      Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

      --------[Clé Run]


      ------------[Autres infections]




      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      »»»»»»»»»»» [Autres rapports]


      [07/06/2010 19:13] C:\Yoog_Fix\Logs\Rapport_07_06_2010_n1.txt - (Choix 1 : Recherche / Suppression)

      -------------------------->>

      Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_07_06_2010_1.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
      Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html

      Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com


      +--------------[Fin à 19h 13min]
      0
  15. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Relance ZHPDiag ( Clic droit " Executer en tant qu'administrateur " sous vista ) , fais un scan puis cette fois-ci cliques sur l'icone en forme d'écusson vert " ZHPFix ".

    ZHPFix se lancera, clique maintenant sur le " H " bleu ( coller les lignes helper ) puis copie/colle ces lignes

    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
    O2 - BHO: Street-Ads Browser Enhancer rbkcdqjf - {527B218C-EFBF-4C90-8F5F-B572A0CE2697} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\rbkcdqjf.dll
    O42 - Logiciel: Sky-Banners browser enhancer - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Street-Ads Browser Enhancer - (.Pas de propriétaire.) [HKLM]
    [HKCU\Software\Sky-Banners]
    [HKCU\Software\Street-Ads]
    [HKLM\Software\Sky-Banners]
    [HKLM\Software\Street-Ads]
    O44 - LFC:[MD5.881328ECAD1933B991B3444FBE9E83E5] - 03/06/2010 - 23:13:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\rbkcdqjf.dll [309760]


    Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    Copie/Colle le rapport à l'écran dans ton prochain message

    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Comme les autres fois plantage du pc au moment de nettoyer avec ZHP Fix
      Message "uninstall this wizard "smart"" yes or no .Que je tape yes or no ,le pc plante .???
      0
  16. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    fais la même manip qu'ici

    https://forums.commentcamarche.net/forum/affich-17918145-analyse-rapport-hitjackthis#30

    avec ce texte là en gras

    KillAll::

    File::

    C:\WINDOWS\system32\rbkcdqjf.dll



    Je cherche beaucoup...et maintenant je trouve !
    (sourire)
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      ComboFix 10-06-03.01 - Papa 07/06/2010 21:26:19.3.2 - x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.422 [GMT 2:00]
      Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
      Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
      AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

      FILE ::
      "c:\windows\system32\dbuwrhfolodm.exe"
      "c:\windows\system32\nhhcuetp.exe"
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      d:\documents and settings\Papa\Application Data\Street-Ads

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-07 au 2010-06-07 ))))))))))))))))))))))))))))))))))))
      .

      2010-06-07 17:09 . 2010-06-07 17:09 -------- d-----w- C:\Yoog_Fix
      2010-06-03 22:13 . 2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll
      2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
      2010-06-02 17:02 . 2010-06-07 18:34 -------- d-----w- c:\program files\ZHPDiag
      2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
      2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
      2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
      2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-07 19:38 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
      2010-06-07 19:38 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
      2010-06-06 16:12 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-06-06 13:32 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
      2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
      2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
      2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
      2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
      2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
      2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
      2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure
      2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
      2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
      2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
      2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
      2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
      2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
      2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
      2010-03-10 06:16 . 2004-08-16 15:41 420352 ----a-w- c:\windows\system32\vbscript.dll
      2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
      2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{527B218C-EFBF-4C90-8F5F-B572A0CE2697}]
      2010-06-03 22:13 309760 ----a-w- c:\windows\system32\rbkcdqjf.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
      "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
      "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
      "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
      "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
      "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
      "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
      "CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
      "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
      "UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
      "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
      "skb"="rafsyamf.dll" [BU]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
      NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
      OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
      @="FSFilter Activity Monitor"

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
      path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
      backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
      backup=c:\windows\pss\Club Internet.lnkStartup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
      backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
      2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
      "c:\\Program Files\\AOL 9.0\\aol.exe"=
      "c:\\APPS\\Inventime\\my.exe"=
      "c:\\APPS\\skype\\phone\\Skype.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\APPS\\Powercinema\\PowerCinema.exe"=
      "c:\\Program Files\\AOL 9.0\\waol.exe"=
      "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
      "c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
      "c:\\WINDOWS\\system32\\ftp.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6901:TCP"= 6901:TCP:video msn mesenger
      "1863:TCP"= 1863:TCP:dialogues msn messenger

      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
      R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
      R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
      R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
      R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
      R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
      R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
      R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
      R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
      S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
      S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
      S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
      S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
      S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-07 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
      uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
      Trusted Zone: micosoft.com\v4.Windowsupdate
      Trusted Zone: microsoft.com\Windowsupdate
      Trusted Zone: Windowsupdate.com\Download
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
      DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
      DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-07 21:37
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
      "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
      "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
      b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
      "??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
      "Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
      "Increment"=".011494"
      "FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
      "PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
      "PHSH"=""
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1140)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(2528)
      c:\program files\Logitech\SetPoint\lgscroll.dll
      c:\progra~1\WINDOW~2\wmpband.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\Ati2evxx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\windows\system32\CTsvcCDA.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      c:\program files\Canon\IJPLM\IJPLMSVC.EXE
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      c:\apps\Powercinema\Kernel\TV\CLSched.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\RTHDCPL.EXE
      c:\apps\ABoard\AOSD.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Heure de fin: 2010-06-07 21:45:28 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-06-07 19:45
      ComboFix2.txt 2010-06-06 09:31
      ComboFix3.txt 2010-06-05 12:52

      Avant-CF: 13 253 554 176 octets libres
      Après-CF: 13 231 243 264 octets libres

      - - End Of File - - 20833367611BBB834F7B58AA86DA0873
      0
  17. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    as tu fais ceci ?

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour nono5577, il n'est pas transposable sur un autre ordinateur !

    crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
    Copies y ce texte dedans et enregistres le

    KillAll::

    File::

    C:\WINDOWS\system32\rbkcdqjf.dll


    * Désactive tes logiciels de protection
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
    http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Bonjour,

      Oui,pourquoi ?
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      ou le rapport n'est pas le bon
      ou la manip a échoué

      donc

      poster le bon rapport
      ou refaire la manip
      0
    3. nono5577 Messages postés 45 Statut Membre
       
      OK, en fin d'après-midi.
      Merci.
      0
    4. nono5577 Messages postés 45 Statut Membre
       
      ComboFix 10-06-03.01 - Papa 08/06/2010 16:34:15.4.2 - x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.434 [GMT 2:00]
      Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
      Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
      AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

      FILE ::
      "c:\windows\system32\rbkcdqjf.dll"
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\rbkcdqjf.dll

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-08 au 2010-06-08 ))))))))))))))))))))))))))))))))))))
      .

      2010-06-07 17:09 . 2010-06-07 17:09 -------- d-----w- C:\Yoog_Fix
      2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
      2010-06-02 17:02 . 2010-06-07 18:34 -------- d-----w- c:\program files\ZHPDiag
      2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
      2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
      2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
      2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-08 14:46 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
      2010-06-08 14:46 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
      2010-06-06 16:12 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-06-06 13:32 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
      2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
      2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
      2010-06-01 06:53 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
      2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
      2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
      2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
      2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure
      2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
      2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
      2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
      2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
      2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
      2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
      2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
      2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
      2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
      "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
      "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
      "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
      "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
      "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
      "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
      "CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
      "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
      "UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
      "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
      "skb"="rafsyamf.dll" [BU]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
      NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
      OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
      @="FSFilter Activity Monitor"

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
      path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
      backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
      backup=c:\windows\pss\Club Internet.lnkStartup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
      backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
      2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
      "c:\\Program Files\\AOL 9.0\\aol.exe"=
      "c:\\APPS\\Inventime\\my.exe"=
      "c:\\APPS\\skype\\phone\\Skype.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\APPS\\Powercinema\\PowerCinema.exe"=
      "c:\\Program Files\\AOL 9.0\\waol.exe"=
      "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
      "c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
      "c:\\WINDOWS\\system32\\ftp.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6901:TCP"= 6901:TCP:video msn mesenger
      "1863:TCP"= 1863:TCP:dialogues msn messenger

      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
      R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
      R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
      R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
      R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
      R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
      R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
      R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
      R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
      S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
      S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
      S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
      S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
      S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-08 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
      uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
      Trusted Zone: micosoft.com\v4.Windowsupdate
      Trusted Zone: microsoft.com\Windowsupdate
      Trusted Zone: Windowsupdate.com\Download
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
      DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
      DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{527B218C-EFBF-4C90-8F5F-B572A0CE2697} - c:\windows\system32\rbkcdqjf.dll



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-08 16:44
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
      "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
      "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
      b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
      "??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
      "Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
      "Increment"=".011494"
      "FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
      "PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
      "PHSH"=""
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1136)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(3272)
      c:\program files\Logitech\SetPoint\lgscroll.dll
      c:\progra~1\WINDOW~2\wmpband.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\Ati2evxx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\windows\system32\CTsvcCDA.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      c:\program files\Canon\IJPLM\IJPLMSVC.EXE
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      c:\apps\Powercinema\Kernel\TV\CLSched.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\RTHDCPL.EXE
      c:\apps\ABoard\AOSD.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      c:\program files\iPod\bin\iPodService.exe
      c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      .
      **************************************************************************
      .
      Heure de fin: 2010-06-08 16:52:44 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-06-08 14:52
      ComboFix2.txt 2010-06-07 19:45
      ComboFix3.txt 2010-06-06 09:31
      ComboFix4.txt 2010-06-05 12:52

      Avant-CF: 13 235 712 000 octets libres
      Après-CF: 13 197 889 536 octets libres

      - - End Of File - - 152FCDBD79CD1E8E94BAE136B8E6C427
      0
  18. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    cela me va mieux...

    comment va le pc ?

    fais passer un nouveau et j'espère dernier ZHPdiag stp
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Rapport fait,mais impossible à envoyer
      0
    2. nono5577 Messages postés 45 Statut Membre
       
      http://www.cijoint.fr/cjlink.php?file=cj201006/cijD7u9Uzf.txt

      Enfin!!!!!!!

      Au démarrage du PC,message suivant:

      RUN DLL

      Erreur chargement de "rafsyamf.dll"

      le module spécifié est introuvable .

      Je clique sur OK, et le message disparait....
      0
  19. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    1)

    Relance ZHPDiag ( Clic droit " Executer en tant qu'administrateur " sous vista ) , fais un scan puis cette fois-ci cliques sur l'icone en forme d'écusson vert " ZHPFix ".

    ZHPFix se lancera, clique maintenant sur le " H " bleu ( coller les lignes helper ) puis copie/colle ces lignes

    O42 - Logiciel: Sky-Banners browser enhancer - (.Pas de propriétaire.) [HKLM]
    O42 - Logiciel: Street-Ads Browser Enhancer - (.Pas de propriétaire.) [HKLM]
    [HKCU\Software\Sky-Banners]
    [HKCU\Software\Street-Ads]
    [HKLM\Software\Sky-Banners]
    [HKLM\Software\Street-Ads]


    Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    Copie/Colle le rapport à l'écran dans ton prochain message

    ...........................

    2)

    Télécharge SEAF ( de C__XX ) sur ton bureau :

    ici http://pagesperso-orange.fr/NosTools/C_XX/SEAF.exe

    * Double clique sur "SEAF.exe" ( clique droit et "Exécuter en tant qu'administrateur" pour Vista / 7 ) pour lancer l'outil.

    * Dans l'encardré blanc " Entrez ci dessous...." copie/colle ceci :

    rafsyamf.dll

    * Au niveau des " options des fichiers ", fait les réglages suivant :
    > A "Calculer le checksum" , choisis : MD5
    > Coche la case devant " Info. supplémentaire ".
    > Coche la case devant " Afficher les ADS "

    * Au niveau des " options du registre " :
    > coche " chercher également dans le registre "

    ( ne touche à aucun autre réglage )

    * Clique sur " Lancer la recherche " et laisse travailler l'outil ...
    ( cela peut-être plus ou moins long suivant les cas ).

    --> Une fois terminé, une fenêtre avec un log .txt va s'afficher. Enregistre ce rapport de façon à le retrouver facilement ( sur le bureau par exemple ). Sinon il sera en outre sauvegardé à la racine de ton disque dur ( ici > C:\SEAFLog.txt )

    0
    1. nono5577 Messages postés 45 Statut Membre
       
      ZHPFix v1.12.3104 by Nicolas Coolman - Rapport de suppression du 08/06/2010 20:25:53
      Fichier d'export Registre : C:\ZHPExportRegistry-08-06-2010-20-25-53.txt
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      Processus mémoire :
      (Néant)

      Module mémoire :
      (Néant)

      Clé du Registre :
      O42 - Logiciel: Sky-Banners browser enhancer - (.Pas de propriétaire.) [HKLM] => Clé supprimée avec succès
      O42 - Logiciel: Street-Ads Browser Enhancer - (.Pas de propriétaire.) [HKLM] => Clé supprimée avec succès
      HKCU\Software\Sky-Banners => Clé supprimée avec succès
      HKCU\Software\Street-Ads => Clé supprimée avec succès
      HKLM\Software\Sky-Banners => Clé supprimée avec succès
      HKLM\Software\Street-Ads => Clé supprimée avec succès

      Valeur du Registre :
      (Néant)

      Elément de données du Registre :
      (Néant)

      Préférences navigateur :
      (Néant)

      Dossier :
      (Néant)

      Fichier :
      (Néant)

      Logiciel :
      O42 - Logiciel: Sky-Banners browser enhancer - (.Pas de propriétaire.) [HKLM] => Logiciel supprimé avec succès
      O42 - Logiciel: Street-Ads Browser Enhancer - (.Pas de propriétaire.) [HKLM] => Logiciel supprimé avec succès

      Script Registre :
      (Néant)

      Master Boot Record :
      (Néant)

      Autre :
      (Néant)


      Récapitulatif :
      Processus mémoire : 0
      Module mémoire : 0
      Clé du Registre : 6
      Valeur du Registre : 0
      Elément de données du Registre : 0
      Dossier : 0
      Fichier : 0
      Logiciel : 2
      Master Boot Record : 0
      Préférences navigateur : 0
      Autre : 0


      End of the scan
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      vu

      => SEAF
      0
    3. nono5577 Messages postés 45 Statut Membre
       
      1. ========================= SEAF 1.0.0.7 - C_XX
      2.
      3. Commencé à: 20:46:00 le 08/06/2010
      4.
      5. Valeur(s) recherchée(s):
      6.
      7. rafsyamf.dll
      8.
      9. (!) --- Calcul du Hash "MD5"
      10. (!) --- Affichage des ADS
      11. (!) --- Informations supplémentaires
      12. (!) --- Recherche registre
      13.
      14. ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======
      15.
      16. "c:\Qoobox\Quarantine\C\WINDOWS\system32\rafsyamf.dll.vir" [ ----A---- | 327680 ]
      17. TC: 04/06/2010,00:11:38 | TM: 04/06/2010,00:11:38 | DA: 06/06/2010,14:21:51
      18. MD5: 46a19d2fd341c55a5aab4c8257883bda
      19.
      20.
      21. ProductVersion: 1.8.5.0
      22. FileVersion: 1.8.5.0
      23.
      24. =========================
      25.
      26. ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======
      27.
      28. Aucun dossier trouvé
      29.
      30.
      31. ====== Entrée(s) du registre ======
      32.
      33.
      34.
      35. [HKEY_CLASSES_ROOT\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}]
      36. ""="C:\WINDOWS\system32\rafsyamf.dll"
      37.
      38. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}]
      39. ""="C:\WINDOWS\system32\rafsyamf.dll"
      40.
      41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      42. "skb"="rundll32 "rafsyamf.dll",,Run"
      43.
      44. =========================
      45.
      46. Fin à: 20:48:46 le 08/06/2010 ( E.O.F )
      0
  20. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour nono5577, il n'est pas transposable sur un autre ordinateur !

    crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
    Copies y ce texte dedans et enregistres le

    KillAll::

    Registry::

    HKEY_CLASSES_ROOT\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}]
    ""=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}]
    ""=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "skb"=-


    * Désactive tes logiciels de protection
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
    http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Bonjour,
      Debout de bon matin comme moi !
      Merci,je fais ça dans l'aprés-midi.
      Tu peux me dire où on en est dans la désinfection,je crois que ça se termine,non?
      Bonne journée.
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      si on regle ca

      Erreur chargement de "rafsyamf.dll"

      et que tu me confirmes ensuite que tout va bien...alors oui, nous finaliserons
      0
    3. nono5577 Messages postés 45 Statut Membre
       
      ComboFix 10-06-03.01 - Papa 09/06/2010 16:34:24.5.2 - x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.444 [GMT 2:00]
      Lancé depuis: d:\documents and settings\Papa\Bureau\ComboFix.exe
      Commutateurs utilisés :: d:\documents and settings\Papa\Bureau\CFScript.txt
      AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-09 au 2010-06-09 ))))))))))))))))))))))))))))))))))))
      .

      2010-06-08 18:42 . 2010-06-08 18:48 -------- d-----w- c:\program files\SEAF
      2010-06-07 17:09 . 2010-06-07 17:09 -------- d-----w- C:\Yoog_Fix
      2010-06-03 10:53 . 2010-06-03 21:25 -------- d-----w- c:\program files\List_Kill'em
      2010-06-02 17:02 . 2010-06-08 18:25 -------- d-----w- c:\program files\ZHPDiag
      2010-05-31 10:18 . 2010-05-31 10:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
      2010-05-22 15:56 . 2010-05-22 15:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
      2010-05-16 13:00 . 2010-05-16 13:00 -------- d-----w- d:\documents and settings\Papa\Local Settings\Application Data\Symantec
      2010-05-15 14:10 . 2010-05-15 14:10 -------- d-----w- c:\program files\Trend Micro
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\Papa\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2010-05-15 12:34 . 2010-05-15 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-15 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-09 14:47 . 2004-08-16 15:41 85154 ----a-w- c:\windows\system32\perfc00C.dat
      2010-06-09 14:47 . 2004-08-16 15:41 511538 ----a-w- c:\windows\system32\perfh00C.dat
      2010-06-08 17:03 . 2008-10-04 16:13 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
      2010-06-06 16:12 . 2006-04-11 18:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-06-06 13:32 . 2009-02-10 16:36 1 ----a-w- d:\documents and settings\Papa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2010-06-05 08:18 . 2008-12-21 13:08 -------- d-----w- c:\program files\Microsoft Silverlight
      2010-06-03 21:26 . 2007-01-25 15:56 210984 ----a-w- d:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-06-03 10:28 . 2008-06-07 16:37 -------- d-----w- c:\program files\Windows Live
      2010-06-03 10:26 . 2008-01-14 18:22 -------- d-----w- c:\program files\Sony
      2010-05-30 16:38 . 2008-12-07 13:43 -------- d-----w- d:\documents and settings\Papa\Application Data\gtk-2.0
      2010-05-26 18:25 . 2006-07-23 09:02 -------- d-----w- c:\program files\CCleaner
      2010-05-15 12:29 . 2006-05-09 14:03 -------- d-----w- c:\program files\Lavasoft
      2010-05-07 15:44 . 2010-05-07 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure
      2010-05-03 17:34 . 2010-05-03 17:33 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-05-03 17:34 . 2009-12-17 08:55 -------- d-----w- c:\program files\iTunes
      2010-05-03 17:34 . 2010-05-03 17:34 -------- d-----w- c:\program files\iPod
      2010-05-03 17:33 . 2008-12-13 13:08 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-05-03 17:29 . 2008-12-13 13:08 -------- d-----w- c:\program files\QuickTime
      2010-05-03 17:23 . 2010-05-03 17:23 -------- d-----w- c:\program files\Bonjour
      2010-05-03 17:19 . 2010-05-03 17:19 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
      2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
      2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-03-30 10:27 . 2010-03-30 12:16 1109 ----a-w- d:\documents and settings\Papa\Application Data\Genie-Soft\GBMLite8Lacie\Jobs\sauvegarde mars 2010\00000000\maindata.sys
      2007-01-23 18:02 . 2007-01-23 18:02 1150 ----a-w- c:\program files\wallpaperenable.reg
      2006-03-04 15:46 . 2006-01-29 16:25 560 ----a-w- c:\program files\Global.sw
      .

      ((((((((((((((((((((((((((((( SnapShot@2010-06-05_12.48.53 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2010-06-09 14:44 . 2010-06-09 14:44 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
      + 2010-06-09 14:43 . 2010-06-09 14:43 16384 c:\windows\Temp\Perflib_Perfdata_57c.dat
      + 2004-08-16 15:40 . 2010-06-09 14:47 71482 c:\windows\system32\perfc009.dat
      - 2004-08-16 15:40 . 2010-06-05 08:21 71482 c:\windows\system32\perfc009.dat
      - 2010-05-31 10:18 . 2010-06-04 07:01 79782 c:\windows\$NtUninstallMTF1011$\apUninstall.exe
      + 2004-08-16 15:40 . 2010-06-09 14:47 441704 c:\windows\system32\perfh009.dat
      - 2004-08-16 15:40 . 2010-06-05 08:21 441704 c:\windows\system32\perfh009.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
      "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
      "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
      "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
      "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
      "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-27 180269]
      "BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
      "CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
      "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
      "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
      "UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-01-03 3788800]
      "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      d:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-23 593920]
      NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-2-13 1261568]
      OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-12-9 257536]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
      @="FSFilter Activity Monitor"

      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
      path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
      backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
      backup=c:\windows\pss\Club Internet.lnkStartup

      [HKLM\~\startupfolder\D:^Documents and Settings^Papa^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
      path=d:\documents and settings\Papa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
      backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
      2003-11-20 09:38 460800 ----a-w- c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
      "c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
      "c:\\Program Files\\AOL 9.0\\aol.exe"=
      "c:\\APPS\\Inventime\\my.exe"=
      "c:\\APPS\\skype\\phone\\Skype.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\APPS\\Powercinema\\PowerCinema.exe"=
      "c:\\Program Files\\AOL 9.0\\waol.exe"=
      "c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"=
      "c:\\Program Files\\Canon\\Canon IJ Network Tool\\CNMNPUT.EXE"=
      "c:\\WINDOWS\\system32\\ftp.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "6901:TCP"= 6901:TCP:video msn mesenger
      "1863:TCP"= 1863:TCP:dialogues msn messenger

      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SymEFA.sys [03/02/2010 18:11 310320]
      R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029\BHDrvx86.sys [03/02/2010 18:11 259632]
      R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.029\cchpx86.sys [03/02/2010 18:11 482432]
      R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [03/01/2010 14:21 7936]
      R1 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [28/05/2010 21:33 331640]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/05/2009 17:47 3712]
      R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [03/02/2010 18:11 117640]
      R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [27/10/2005 13:18 710144]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/06/2009 09:39 102448]
      R3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [08/02/2009 22:42 99968]
      R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/02/2009 20:21 272128]
      S2 gupdate1c9d705ec2397f6;Service Google Update (gupdate1c9d705ec2397f6);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 17:40 133104]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [26/05/2008 12:31 94208]
      S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> d:\docume~1\Papa\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
      S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys [03/01/2010 14:21 23680]
      S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\cesg502.sys [24/09/2009 10:24 40672]
      S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 15:40]

      2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{98D8E7A5-E43E-47EE-935D-B17F9A489FDD}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.sfr.fr/fr/adsl.jsp
      uInternet Connection Wizard,ShellNext = hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=BM3
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
      Trusted Zone: micosoft.com\v4.Windowsupdate
      Trusted Zone: microsoft.com\Windowsupdate
      Trusted Zone: Windowsupdate.com\Download
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.m6video.fr/1click/install/files/installer2.cab
      DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
      DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-09 16:45
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
      "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
      "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:10,11,b5,a9,c1,c7,3e,76,b9,87,43,6c,ff,e9,62,79,fd,00,2f,d3,d2,6a,25,
      b6,31,a1,2e,1f,b3,a0,0b,7f,28,8b,54,10,bf,83,3d,86,d0,9e,72,6e,76,dc,7d,7c,\
      "??"=hex:95,3e,db,68,06,10,31,3b,48,55,83,2c,0c,8a,a4,c8

      [HKEY_USERS\S-1-5-21-646265780-4222595010-3655448000-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
      "Percents"="0 0.1247 0.3475 0.4589 0.5756 0.7745 0.7798 "
      "Increment"=".011494"
      "FRT"="S7scj3oKaZQnWbQe3V6SfWiALMaTBcNS49K7tndsZLe39mbZ+KBZHw=="
      "PLCK"="oqLN6wP3BZUxh2dxb3pNGB/pvztxErHt"
      "PHSH"=""
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1144)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(2916)
      c:\program files\Logitech\SetPoint\lgscroll.dll
      c:\progra~1\WINDOW~2\wmpband.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\Ati2evxx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\windows\system32\CTsvcCDA.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      c:\program files\Canon\IJPLM\IJPLMSVC.EXE
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      c:\apps\Powercinema\Kernel\TV\CLSched.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\RTHDCPL.EXE
      c:\apps\ABoard\AOSD.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
      c:\program files\iPod\bin\iPodService.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      .
      **************************************************************************
      .
      Heure de fin: 2010-06-09 16:53:10 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-06-09 14:52
      ComboFix2.txt 2010-06-08 14:52
      ComboFix3.txt 2010-06-07 19:45
      ComboFix4.txt 2010-06-06 09:31
      ComboFix5.txt 2010-06-09 14:33

      Avant-CF: 13 611 376 640 octets libres
      Après-CF: 13 586 976 768 octets libres

      - - End Of File - - 35F340D08648F9749ADE8FF7891067AA
      0
  21. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    je ne suis pas sûr que la manoeuvre combofix a fonctionné

    as tu encore ces messages d'erreur
    0
    1. nono5577 Messages postés 45 Statut Membre
       
      Bonsoir,

      Merci pour ta disponibilité journalière.

      Je viens d'éteindre et de rallumer mon pc et le message RUN n'est pas apparu.
      0
  • 1
  • 2